Commits | bovarysme Add instructions to upgrade OpenBSD in README.md Committed on Oct 18, 2020
# infrastructure

Create and provision an infrastructure on Vultr using Terraform and Ansible.

## Requirements

- [Ansible](https://www.ansible.com/) 2.9.4 or greater
- [Terraform](https://www.terraform.io/)

## Usage

- Install Ansible and Terraform.

### Create the infrastructure

- Copy the `pre-commit` Git hook to `.git/hooks/pre-commit`. This ensures the
  Terraform configuration files are properly formatted.
- Move to the `terraform` directory.
- Rename `terraform.example.tfvars` to `terraform.tfvars` and fill it in.
- Run the following commands:

```
$ terraform init
$ terraform plan
$ terraform apply
```

### Provision the infrastructure

- Move to the `ansible` directory.
- Rename `vars.example.yml` to `group_vars/app/vars.yml` and fill it in.
- Rename `vault.example.yml` to `group_vars/app/vault.yml` and fill it in.
- Create a `vault_pass` file and fill it with a randomly chosen password.
- Run the following commands:

```
$ ansible-vault encrypt group_vars/app/vault.yml
$ ansible-playbook -i vultr.ini playbooks/provision.yml
```

### Set up DNS records

- Create A and AAAA records for:
  - `{{ domain }}`,
  - `git.{{ domain }}`,
  - and `mail.{{ domain }}`.
- Create an MX record for `mail.{{ domain }}` with priority 10.
- Create an SPF record with value `v=spf1 mx -all`.
- Create a DKIM record with host `{{ dkim_selector }}._domainkey`, and the
  value given by the `dkim.py` script with the fetched DKIM public key.
- Create a DMARC record with host `_dmarc` and value
  `v=DMARC1;p=none;rua=mailto:postmaster@{{ domain }}`.
- Set `mail.{{ domain }}` as the reverse DNS for the default IPv4 and IPv6
  addresses.

### Upgrade OpenBSD

- Follow the upgrade guide:
  - Run sysupgrade.
  - Apply configuration changes.
  - Create and run a playbook to remove old files.
- Upgrade packages with `pkg_add -u`.
- If needed, create and run a playbook to update Git inside the `/var/www`
  chroot, and update the Git role.
- If needed, run syspatch and reboot.
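
An added example, not part of this repository: an offline check of the SPF, DKIM and DMARC values listed under "Set up DNS records", useful for reviewing a zone export before mail goes live. The domain, selector, key placeholder and function names are assumptions, and the sample records are constructed.

```python
# Constructed sample data: TXT values as they would appear in a zone export.
DOMAIN, SELECTOR = "example.org", "mail2020"  # hypothetical domain and selector
SAMPLE_TXT = {
    "example.org": ["v=spf1 mx -all"],
    "mail2020._domainkey.example.org": ["v=DKIM1; k=rsa; p=PLACEHOLDERKEY"],
    "_dmarc.example.org": ["v=DMARC1;p=none;rua=mailto:postmaster@example.org"],
}

def parse_tags(value):
    """Parse a 'k=v; k=v' tag list (DKIM and DMARC syntax) into a dict."""
    tags = {}
    for part in value.split(";"):
        # Split on the first '=' only so base64 padding in p= survives.
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    return tags

def audit_mail_records(txt, domain, selector):
    """Return findings; txt maps a host name to its list of TXT values."""
    findings = []
    spf = [v for v in txt.get(domain, []) if v.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly one v=spf1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        if "mx" not in terms:
            findings.append("SPF: 'mx' mechanism missing")
        if not terms or terms[-1] != "-all":
            findings.append("SPF: record does not end with '-all'")

    dkim_host = f"{selector}._domainkey.{domain}"
    dkim = parse_tags((txt.get(dkim_host) or [""])[0])
    if not dkim.get("p"):
        findings.append(f"DKIM: no public key (p=) at {dkim_host}")

    dmarc = parse_tags((txt.get(f"_dmarc.{domain}") or [""])[0])
    if dmarc.get("v", "").upper() != "DMARC1":
        findings.append("DMARC: record missing or not v=DMARC1")
    else:
        policy = dmarc.get("p", "").lower()
        if policy not in ("none", "quarantine", "reject"):
            findings.append("DMARC: missing or invalid p= policy")
        elif policy == "none":
            findings.append("DMARC: p=none is monitoring only, no enforcement requested")
        if not dmarc.get("rua", "").lower().startswith("mailto:"):
            findings.append("DMARC: no rua=mailto: address for aggregate reports")
    return findings

if __name__ == "__main__":
    print(audit_mail_records(SAMPLE_TXT, DOMAIN, SELECTOR))
```

With the values from this README the only finding is the `p=none` DMARC policy, which collects aggregate reports without asking receivers to act on failing mail.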
## License

This project is licensed under the terms of the MIT license.